Read all about identity security on the OctopusBlog!
Read all about identity security on the OctopusBlog!
Air gaping. It’s the ‘nuclear option’ of network security. By separating a machine from any other computer, managers can all but guarantee that it cannot be penetrated remotely. Air gaping, or network separation as it is often known, is the step taken by the serious neurotics among users or because the regulatory body you report to insist on it, those whom [...]
The most recent security baseline report from Microsoft has been making waves in the world of digital security. Experts at Microsoft asset that password-based authentication represents a basic risk to networks. “There’s no question that the state of password security is problematic and has been for a long time,” reads the post. “When humans pick their own passwords, too often they [...]
Large tech companies like Microsoft and Google go to great lengths to secure their services and protect their customers’ accounts and identities. But what about the security of the partners and third parties that provide services on their behalf? A recent article on famous cybersecurity blog KrebsOnSecurity blog post unveiled a breach at PCM, a major California-based provider of technology products, [...]
In May, researchers from security firm Guardicore uncovered a massive campaign by Chinese hackers to break into online Windows servers and to infect them with cryptocurrency miners. Cryptominers are special malware that hijack the resources of the infected machine to solve complicated mathematical equations and collect cryptocurrency rewards. As explained by the security researchers, the hackers used sophisticated techniques along the [...]
Telecom giant Verizon Wireless recently released their annual Data Breach Investigation Report for 2019. The Report lays out a data-driven assessment of threat trends and other stats on information-breach incidents over the previous year. Looking over the Report’s 78 pages, several important realities about the state of authentication security come to light. Stolen Passwords are Still #1 Threat The 2019 report [...]
If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]
Spear phishing. It’s one of the more vicious methods used by today’s cyber criminals to compromise networks. Phishing related attacks have been a favorite of the hackers tool kit for years. And these kinds of attacks are becoming more common and more sophisticated over time. What is Spear Phishing? In its most basic definition, phishing is an attempt to illicitly obtain [...]
The Bring Your Own Device (BYOD) approach is highly embraced by organizations, connecting users to corporate networks to reduce costs or as an easy solution for remote workers. The main beneficiaries of the trend are Virtual Desktop Infrastructure (VDI) such as Citrix, VMware and Microsoft, For many organizations and companies, Virtual Desktops provide an interesting option to connect their employees to [...]
The password has been the staple of authentication for years. While passwords are still very much a part of our information technology landscape, they have been on the decline for more than a decade. “There is no doubt that over time, people are going to rely less and less on passwords,” adding that passwords “just don’t meet the challenge for anything [...]
Enterprises have long used Virtual Private Networks (VPN) to protect their systems and provide a secure work environment. In today’s dynamic business climate, VPN’s have become even more essential. Private networks are now commonly used for organizations that want to give their employees remote, unfettered access to their private servers. With the security and flexibility they provide, it’s no wonder why [...]
A couple weeks ago, we covered the West Australian government’s security audit here on the Octopus Blog. The section of the governmental audit’s research into cyber security practices unveiled some pretty disturbing facts. Given the opportunity, users will choose the most obvious, easiest to guess passwords, leaving them wide-open targets for cyber criminals. While the size and scope of this phenomenon [...]
On the Octopus Blog, we’ve delved quite a bit into the vulnerabilities of contemporary encryption standards. The system of Public Key Infrastructure (PKI) which forms the basis of most of the worlds authentication platforms, while presenting a powerful, easy to use encryption model, still left several holes through which attackers can breach networks and steal identities. Perhaps the single biggest problem [...]
Data breaches at healthcare organizations are some of the most critical security incidents. They put very damaging information at the disposal of cybercriminals and malicious actors. A slate of regulations in different jurisdictions classify health data as highly sensitive and penalize organizations that mishandle the information or fail to protect it against hackers. An example is the Health Insurance Portability and [...]